Dashboards not using System Proxy

Hello there,
I am trying to connect to Open ID auth in Dashboards but it not connecting to IDp and connection is getting timeout. Found a solution for same in Kibana is there some setting like that also present here

Thanks for the help in advance

What IDp are you using, also area you able to provide config.yaml and dashboards.yaml file? Redact any sensitive details if necessary

I am using my corporate IDp for the SSO which is behind proxy. I have setup the proxy in jvm.options for Opensearch and also in my ubuntu machine in system variable. When I send the IDp auth token to opensearch I am able to get response.

Dashboard config file-
opensearch.hosts: [“http://localhost:9200”]
opensearch.ssl.verificationMode: none
opensearch.username: “kibanaserver”
opensearch.password: “kibanaserver”
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [“Global”, “Private”]
opensearch_security.readonly_mode.roles: [“kibana_read_only”]

Use this setting if you are running kibana without https

server.host: “”
server.basePath: “/dashboard”
server.rewriteBasePath: true

Enable OpenID authentication

#opensearch_security.auth.type: “openid”

The IdP metadata endpoint

opensearch_security.openid.connect_url: “IDP Well Known Endpoint”

The ID of the OpenID Connect client in your IdP

opensearch_security.openid.client_id: “<client -id>”

The client secret of the OpenID Connect client

opensearch_security.openid.client_secret: “client-secret”

opensearch_security.openid.scope: “openid email profile”
opensearch_security.openid.base_redirect_url: “<redirect - URI>”

Can you provide the config.yml?
Also, is below line suppose to be commented out?
#opensearch_security.auth.type: “openid”

#opensearch_security.auth.type: “openid” ← Not supposed to be commented out.

Config.yml file which I am using

type: “config”
config_version: 2


# Set filtered_alias_mode to ‘disallow’ to forbid more than 2 filtered aliases per index
# Set filtered_alias_mode to ‘warn’ to allow more than 2 filtered aliases per index but warns about it (default)
# Set filtered_alias_mode to ‘nowarn’ to allow more than 2 filtered aliases per index silently
#filtered_alias_mode: warn
#do_not_fail_on_forbidden: false
# Kibana multitenancy
#multitenancy_enabled: true
#server_username: kibanaserver
#index: ‘.kibana’
anonymous_auth_enabled: false
enabled: false
#internalProxies: ‘|’ # regex pattern
internalProxies: ‘.*’ # trust all internal proxies, regex pattern
#remoteIpHeader: ‘x-forwarded-for’
###### see Pattern (Java Platform SE 7 ) for regex help
###### more information about XFF X-Forwarded-For - Wikipedia
###### and here RFC 7239: Forwarded HTTP Extension
###### and Apache Tomcat 8 Configuration Reference (8.0.53) - The Valve Component
http_enabled: true
transport_enabled: true
order: 1
type: openid
challenge: false
subject_key: display_name
roles_key: roles
type: noop
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
transport_enabled: true
order: 0
type: basic
challenge: false
type: internal

The first link you posted (xpack.fleet.registry) seems to be for reaching the Elastic Package manager registry behind a proxy.

There is no additional configuration needed to to make Opensearch work.

Therefore I would focus on the config, did you remove the # from the below:
#opensearch_security.auth.type: “openid”

Can you also confirm openid_connect_url in config.yml is filled in.

Also, can you copy the same value from openid_connect_url to dashboards.yml under:


I have uncommented this line-> #opensearch_security.auth.type: “openid” from opensearch dashboard config
And it is same which is filled in config.yml → openid_connect_url

My opensearch is connecting to openID servers because I set -Dhttp.proxyHost and -Dhttp.proxyPort

Is there any same settings for Opensearch Dashboards

@manikya I think that setting is only for Elastic Agent setup. According to the docs at least.

I would recommend to remove those settings and focus on the rest of the config.

The problem as I understand it is that OpenSearch Dashboards for OP is installed in environment where you require an HTTP/HTTPS Proxy to connect to the outside world.

Last time I researched this OpenSearch Dashboards does not support setting a proxy, even if the underlying software does.

I went ahead and created an issue on this: Support httpsProxy in OpenSearch Dashboards for OIDC support · Issue #911 · opensearch-project/security-dashboards-plugin · GitHub

The workaround we used was to use netcat locally and setup a host alias to make all requests to our OIDC vendor go through our proxy. It’s kind of “dirty”, but works.